Return to protonvpn.com Facebook   Twitter   Reddit   Instagram   Mastodon   ProtonMail
Support Center / DNS leaks and how they compromise your privacy

DNS leaks and how they compromise your privacy

VPNs are a good way to protect your online activity and privacy. However, they are not impenetrable. There are certain weaknesses that can compromise your identity even if you use a VPN. One such vulnerability is a DNS leak.

What is DNS?

You can think of the domain name system (DNS) as the Internet’s phonebook. It links URLs, the web addresses that humans use, like www.protonvpn.com, to Internet Protocol (IP) addresses, the web addresses computers use, like 185.70.40.231. When you type an URL into your browser, it sends out a request that is directed to the correct IP address. This makes DNS one of the foundations of the Internet.

What causes DNS leaks?

DNS lookups run in the background and do not require any interaction from the user once the request has been initiated. Typically, your computer will use the DNS servers provided by your Internet service provider (ISP). Because you must perform a DNS lookup each time you visit a website, the operators of the DNS server you are using can monitor every single site that you visit.

However, even if you use a third-party DNS server or your own DNS server, your ISP will still be able to monitor your DNS requests if they are not encrypted.

Other causes of DNS leakage

VPNs will encrypt your DNS requests along with the rest of your Internet traffic but there are several situations that could lead to DNS leaks and expose your online activity.

  • You manually configured your VPN connection: If you have set up your own VPN connection, there is a much higher risk of DNS leaks if the DNS settings are misconfigured.
  • An intruder controls your router: If you are using public Wi-Fi, an intruder could trick your device into sending its DNS requests outside the encrypted VPN connection.
  • Your connection to the VPN server is interrupted: If you lose connection to your VPN service, then your DNS requests could be sent to your ISP to be resolved.

How to test for DNS leaks

The easiest way to test for a DNS leak is to go to www.dnsleaktest.com and run a free test. It will tell you your device’s IP address and your rough location. You should run two tests, one before you activate your VPN service and one after, to ensure that your online privacy is protected. If both tests turn out the same results, then your VPN service is not protecting your DNS requests.

ProtonVPN DNS leak protection

We do not use third party DNS servers. Each VPN server runs a DNS server as well, and our native apps have a default DNS leak protection feature that forces your internet connection to resolve DNS queries via our DNS servers. This means that when you are connected to ProtonVPN, your DNS queries through our encrypted VPN tunnel. We do not keep any logs of your DNS requests. 

We also go a step further with our Kill Switch feature, which blocks all network connections in case you lose connection to our VPN server. This way ProtonVPN keeps you protected even when you get accidentally disconnected.

DNS leaks are simple to find and easy to prevent but they can undermine your online privacy and security. Be sure to only use trustworthy VPN services, use the recommended settings, and test for DNS leaks regularly.

Post Comment

6 comments

  1. Hello

    What is your DNS server?
    As of Plus user, I connected Proton with my router. I want to find out how to ensure my DNS server setting is connected with Proton to aviod unleakable.

    Thanks!

  2. ProtonVPN Team

    Hey, all of the DNS requests are resolved on the server itself so each VPN server is running a DNS server. The address is 10.8.8.1 for UDP connections and 10.7.7.1 for TCP connections.

  3. frank

    do you log for dns queries ?

  4. ProtonVPN Team

    Hello Frank, since DNS queries are resolved on the server itself, they are also encrypted and not logged as per our security policies.

  5. Peter

    When I performed the extended look-up on the DNS leak test site.

    This displayed my beginning IP and the Protonmail secure core

    Why?

  6. ProtonVPN Team

    Hello Peter, that should not happen so please send the results to our support team. https://protonvpn.com/support-form

Leave a Reply

Your email address will not be published. Required fields are marked *

Don't find your answer? We're happy to help you!     Contact Our Support Team

Secure your internet

Get ProtonVPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN